Re: [squid-users] satellite/using more that one outgoing IP

From: Edward <edward@dont-contact.us>
Date: Mon, 14 May 2001 06:33:45 -0400

Is tos part of squid 2.5 now?

Do we still have to patch it?

Thank you very much.

Best regards,

Edward Millington
(Network Administrator & Senior Technical Support Technician)
Cariaccess Communications Ltd.
Wildey
St. Michael
Barbados
1-246-430-7435
Fax : 1-246-431-0170
www.cariaccess.com

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Edward" <edward@cariaccess.com>
Sent: Monday, May 14, 2001 5:43 AM
Subject: Re: [squid-users] satellite/using more that one outgoing IP

> Have added your message to the tosaddracl web site so it doesn't get
> lost ;-)
>
> --
> Henrik
>
> > Edward wrote:
> > >
> > > Hi there!
> > >
> > > Would you like to have more than one outgoing IP address for better
> > > network management or for some other reason?
> > >
> > > Here is how you can do it.
> > >
> > > In this demonstration, I will be using a Cisco router w/ policy
> > > routing enabled.
> > >
> > > 1. Suppose that you need to have different outgoing IP's for
> > > different subnets or a group of IP's.
> > >
> > > 2. Suppose that you have a LAN and satellite connection.
> > >
> > > Suppose that your satellite is only downstream, i.e., you use your
> > > LAN connection for upstream and come back down satellite. You do not
> > > route. All of the routers across the world already know to route that
> > > class of address to your satellite provider.
> > >
> > > 3. I was made aware that Squid 2.5 w/
> > > http://squid.sourceforge.net/tosaddracl/ will have this functionality.
> > >
> > > 4. Here is the info for using that parameter:
> > >
> > >
> > > The tosaddracl branch on Sourceforge has now been cleaned up, and as a
> > > result the configuration directives have changed slightly.
> > >
> > > TAG: tcp_outgoing_address
> > >
> > > Allows you to map requests to different outgoing IP addresses based on
> > > the username or source address of the user making the request.
> > >
> > > tcp_outgoing_address ipaddr [[!]aclname] ...
> > >
> > > Example where requests from 10.0.0.0/24 will be forwarded with source
> > > address 10.1.0.1, 10.0.2.0/24 forwarded with source address 10.1.0.2
> > > and the rest will be forwarded with source address 10.1.0.3.
> > >
> > > acl normal_service_net src 10.0.0.0/255.255.255.0
> > > acl good_service_net src 10.0.1.0/255.255.255.0
> > > tcp_outgoing_address 10.0.0.1 normal_service_net
> > > tcp_outgoing_address 10.0.0.2 good_service_net
> > > tcp_outgoing_address 10.0.0.3
> > >
> > > Processing proceeds in the order specified, and stops at first fully
> > > matching line.
> > >
> > > Here is a part of my squid.conf:
> > > # Redirect for LAN & SAT
> > >
> > > acl sat1_service_net src 64.110.11.0/255.255.255.0
> > >
> > > acl sat2_service_net src 209.198.221.160/255.255.255.240
> > >
> > > tcp_outgoing_address 64.110.11.2 sat1_service_net
> > >
> > > tcp_outgoing_address 64.110.11.2 sat2_service_net
> > >
> > > tcp_outgoing_address 200.50.68.7
> > >
> > > # End
> > >
> > >
> > > 5. Please remember that the IP addresses that you use must also be
> > > configured on the machine.
> > >
> > > 6. To have those outgoing IP's pass through the router, here is a
> > > sample config for the router:
> > >
> > > !
> > > access-list 110 deny tcp any any neq www
> > > access-list 110 deny tcp host 200.50.68.7 any
> > > access-list 110 deny tcp host 64.110.11.2 any
> > > access-list 110 permit tcp any any
> > > access-list 120 deny tcp any any neq ftp
> > > access-list 120 deny tcp host 200.50.68.7 any
> > > access-list 120 deny tcp host 64.110.11.2 any
> > > access-list 120 deny tcp host 200.50.68.10 any
> > > access-list 120 permit tcp any any
> > > route-map squidcaching permit 10
> > > match ip address 110
> > > set ip next-hop 200.50.68.7
> > > !
> > > route-map squidcaching permit 120
> > > match ip address 120
> > > set ip next-hop 200.50.68.7
> > >
> > > Now if you do not allow those IP addresses in your access-list, you will
> > > not be able to browse, since it would be looped back to the cache machine.
> > >
> > > Thank you very much.
> > >
> > > Best regards,
> > >
> > > Edward Millington
> > > (Network Administrator & Senior Technical Support Technician)
> > > Cariaccess Communications Ltd.
> > > Wildey
> > > St. Michael
> > > Barbados
> > > 1-246-430-7435
> > > Fax : 1-246-431-0170
> > > www.cariaccess.com
>
Received on Mon May 14 2001 - 04:32:43 MDT
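
Added example, not part of the original message or of Squid: Python that applies the first-match rule for tcp_outgoing_address quoted above and checks that every outgoing address is exempted in the router's policy-routing access-list, which is the loop condition the message warns about. The function names are hypothetical, and the config text is sample input copied from the message.

```python
import ipaddress

# Sample input: the squid.conf fragment and router ACL 110 quoted in the message.
SQUID_CONF = """
acl sat1_service_net src 64.110.11.0/255.255.255.0
acl sat2_service_net src 209.198.221.160/255.255.255.240
tcp_outgoing_address 64.110.11.2 sat1_service_net
tcp_outgoing_address 64.110.11.2 sat2_service_net
tcp_outgoing_address 200.50.68.7
"""
ROUTER_ACL = """
access-list 110 deny tcp any any neq www
access-list 110 deny tcp host 200.50.68.7 any
access-list 110 deny tcp host 64.110.11.2 any
access-list 110 permit tcp any any
"""

def parse_squid(conf):
    """Return (acls, rules): src ACL networks and ordered outgoing-address rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        f = line.split("#")[0].split()
        if len(f) >= 4 and f[0] == "acl" and f[2] == "src":
            nets = [ipaddress.ip_network(n, strict=False) for n in f[3:]]
            acls.setdefault(f[1], []).extend(nets)
        elif len(f) >= 2 and f[0] == "tcp_outgoing_address":
            rules.append((f[1], f[2:]))  # (address, ACL names; may be empty)
    return acls, rules

def outgoing_for(client, acls, rules):
    """First line whose ACLs all match wins; a leading '!' negates an ACL."""
    ip = ipaddress.ip_address(client)
    for addr, names in rules:
        if all(any(ip in net for net in acls[n.lstrip("!")]) != n.startswith("!")
               for n in names):
            return addr
    return None  # no line matched

def unexempted(rules, router_acl, acl_id="110"):
    """Outgoing addresses lacking 'deny tcp host <addr> any' before the first
    permit (assumption: the ACL ends in a catch-all permit, as in the message)."""
    denied = set()
    for line in router_acl.splitlines():
        f = line.split()
        if f[:2] != ["access-list", acl_id]:
            continue
        if f[2] == "permit":
            break
        if f[2:5] == ["deny", "tcp", "host"]:
            denied.add(f[5])
    return sorted({addr for addr, _ in rules} - denied)
```

An empty list from `unexempted` means the proxy's own requests bypass the route-map; any address it returns would be policy-routed back to the cache.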
